ssh alternatives
Greg Golin
greg.golin at gmail.com
Wed Sep 21 04:30:10 UTC 2005
Thanks, Thing.
I use AllowUsers -- thats a great directive.
I wonder if its possible to run sshd on two different ports on
separate interfaces..
GG
On 9/20/05, Steven Jones <Steven.Jones at vuw.ac.nz> wrote:
> We run ssh on a non-standard port and have no issues with scripts....
>
> Anyway options we use,
>
> 1) Non-standard ssh port
>
> 2) IPtables ruleset to limit ssh connections from known subnets or IPs.
>
> 3) Add config to sshd_config to only allow ssh connection from certain
> users,
>
> Eg.,
>
> AllowUsers me you
>
> Tcpwrappers is also an option.
>
> We also run iptables to block on other ports eg 80, to our class B
>
> Regards
>
> Thing
>
>
> -----Original Message-----
> From: Greg Golin [mailto:greg.golin at gmail.com]
> Sent: Wednesday, 21 September 2005 3:46 p.m.
> To: redhat-list at redhat.com
> Subject: ssh alternatives
>
> Following a discussion on slashdot I would like to ask this list's
> opinion on providing remote access in general and ssh vs other
> solutions in particular.
>
> So here's the deal. I know most of sshd brute force attempts shall be
> thwarted by running the daemon on a different port. However, many
> existing scripts -- too many to change all of them -- rely on default
> ssh configuration. At the same time, my devs require constant remote
> access to the servers.
>
> I am currently considering disabling ssh on external interfaces and
> installing openswan.
>
> What is your opinion on this issue?
>
> Thanks.
> G
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list